xfrm: fix bug with DSCP copy to v6 from v4 tunnel

When copying the DSCP bits for decap-dscp into IPv6 don't assume the outer encap is always IPv6. Instead, as with the inner IPv4 case, copy the DSCP bits from the correctly saved "tos" value in the control block. Fixes: 227620e29509 ("[IPSEC]: Separate inner/outer mode processing on input") Signed-off-by: Christian Hopps <chopps@chopps.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Christian Hopps <chopps@chopps.org> 2023-01-26 19:33:50 +0300
committer: Steffen Klassert <steffen.klassert@secunet.com> 2023-01-30 13:31:58 +0300
commit: 6028da3f125fec34425dbd5fec18e85d372b2af6 (patch)
tree: 00bb040bef0f0405cfc3b7c17bc965fcfd2b81ac /net
parent: 0a9e5794b21e2d1303759ff8fe5f9215db7757ba (diff)
download: linux-6028da3f125fec34425dbd5fec18e85d372b2af6.tar.xz
1 files changed, 1 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index c06e54a10540..436d29640ac2 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -279,8 +279,7 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
 		goto out;
 
 	if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-		ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)),
-			       ipipv6_hdr(skb));
+		ipv6_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipipv6_hdr(skb));
 	if (!(x->props.flags & XFRM_STATE_NOECN))
 		ipip6_ecn_decapsulate(skb);
author	Christian Hopps <chopps@chopps.org>	2023-01-26 19:33:50 +0300
committer	Steffen Klassert <steffen.klassert@secunet.com>	2023-01-30 13:31:58 +0300
commit	6028da3f125fec34425dbd5fec18e85d372b2af6 (patch)
tree	00bb040bef0f0405cfc3b7c17bc965fcfd2b81ac /net
parent	0a9e5794b21e2d1303759ff8fe5f9215db7757ba (diff)
download	linux-6028da3f125fec34425dbd5fec18e85d372b2af6.tar.xz